Some enterprises (e.g., corporations, partnerships, governments, academic institutions, other organizations, etc.) maintain enterprise computer networks that allow enterprise users, such as employees, access to enterprise resources, such as hardware and software applications for email, customer relationship management (CRM), document management, enterprise resource planning (ERP), and the like, as well as other data controlled by the enterprise. Enterprises sometimes allow remote access, such as when enterprise users are not in the enterprise network. Also, some enterprises allow users to access the enterprise network via mobile devices, such as smartphones, tablet computers, PDAs (personal digital assistant), and the like. Enterprises typically deploy enterprise mobility management (EMM) solutions to assist in the management and control of remote access to enterprise resources. EMM solutions have traditionally taken the approach of managing entire mobile devices through what are known as mobile device management (MDM) approaches. In preexisting EMM solutions, enterprises typically issue mobile devices to employees, which are intended exclusively for business use, and the enterprise maintains control over the mobile devices and all of its applications and data. A recent trend is to allow employees to use their own mobile device(s) for work purposes (a scenario known as BYOD—bring your own device). However, BYOD scenarios pose inherent security risks, because there is neither uniform nor universal control over each device.